Cookie & Tracking Technologies Policy

1) How to read this document

Short on time? Sections 3–5 tell you what we set and why.
Want to change choices? Use the in‑product Consent Management Platform (CMP) at Account → Privacy → Cookie Preferences.
Prefer browser or device controls? See Sections 11–12 for step‑by‑step guidance.
Need legal detail? Sections 2, 7–10, 14, 18–20 cover GDPR/AVG, retention, security, transfers, and your rights.

2) Legal background and lawful basis

Under the Dutch Telecommunicatiewet (ePrivacy rules) and the GDPR/AVG:

Strictly necessary cookies/SDKs do not require prior consent, though we still disclose them.
All other categories (analytics, personalisation, marketing/advertising) require your consent.
Our legal bases are: Consent for non‑essential categories; Contract and Legitimate interests for essential features; and Legal obligation for certain security and fraud‑prevention tasks.

You can withdraw consent any time in the CMP. Withdrawal does not affect processing carried out before withdrawal and may reduce optional features.

3) What are cookies and similar technologies?

Cookies are small text files stored by your browser. They allow websites to remember information between visits. We also use:

Local/Session Storage — browser storage for settings and IDs.
SDKs — software kits inside our mobile apps offering cookie‑like functions.
Pixels/Web beacons — tiny images or code that register when a page or email loads.
Device identifiers — OS‑level IDs (e.g., Android Advertising ID, iOS IDFA) managed by your device settings.
Server‑side sessions — session state on our servers referenced by a short token.
Limited fingerprinting signals — strictly for security/anti‑fraud where proportionate and permitted by law.

Cookies set by BinoBet are first‑party. Some features rely on third‑party technologies (for example, analytics or anti‑fraud vendors). Your CMP panel lists the current partners and purposes.

4) Your choices at a glance

Select Accept all, Reject non‑essential, or Customise in the CMP.
Change your mind any time in Account → Privacy → Cookie Preferences.
Use browser and mobile OS settings to add another layer of control (Sections 11–12).
We honour Global Privacy Control (GPC) where technically supported by your browser for marketing categories.

Refusing non‑essential cookies will not block core functions, but some conveniences (e.g., remembering filters, measuring performance) may be limited.

5) Categories we use

We assign each technology to a single category in the CMP for clarity.

5.1 Strictly necessary

Purpose: make the Platform work. Examples: secure login, session continuity, fraud prevention, load balancing, payment flows, consent storage. Without these, the site/app cannot operate reliably.

5.2 Preferences

Purpose: remember your settings (language, region, accessibility, view options, dismissed banners) so you don’t reconfigure each visit.

5.3 Performance

Purpose: understand what works, what’s slow, and what breaks. We measure page loads, navigation paths, crashes, and feature usage to improve quality. We prefer aggregated or de‑identified data.

5.4 Personalisation

Purpose: tailor content to you (recent games, relevant categories, saved lobby layout). Personalisation never changes odds, RTP, or game math.

5.5 Marketing/advertising

Purpose: measure campaign reach and frequency and show relevant BinoBet messages, mostly on our own properties. We do not sell personal data. Marketing is suppressed for CRUKS registrants and self‑excluded players.

5.6 Security & fraud prevention

Purpose: detect bots, account takeover, and location spoofing (VPN/TOR/remote desktop). Some entries in this class are required by law and licence conditions.

6) Illustrative inventory

Name	Provider	Category	Purpose	Expiry	Type
bb_session	BinoBet	Strictly necessary	Keeps you signed in securely	Session	HTTP cookie
bb_csrf	BinoBet	Strictly necessary	Protects forms from CSRF	Session	HTTP cookie
bb_consent	BinoBet	Strictly necessary	Records your CMP choices	12 months	Local Storage
bb_locale	BinoBet	Preferences	Saves language/region	6 months	HTTP cookie
bb_ab	BinoBet	Personalisation	A/B test variant	30 days	HTTP cookie
bb_perf	BinoBet	Performance	Anonymous visit ID for timings	24 hours	HTTP cookie
analytics_id	[Analytics vendor]	Performance	Usage stats & crash diagnostics	13 months	SDK/cookie
fraud_token	[Security vendor]	Security	Device risk signals	12 months	HTTP cookie
cmp_cache	CMP	Strictly necessary	Syncs consent across subdomains	6 months	HTTP cookie

Your CMP panel shows the current register with names, providers, domains, purposes, type, expiry, data sharing, and legal basis.

7) Mobile app specifics

On iOS/Android we rely on SDKs more than browser cookies. Key points:

Push notifications: we generate a token only after you enable notifications. You can disable push at any time in device settings.
Location: if local rules require us to verify you are physically in the Netherlands to play for real money, we ask for location permission. You can revoke it later; without it, real‑money play may not be available.
Crash reporting: SDKs collect device and app version details to fix issues.
Advertising IDs: you can reset/limit them in device settings (Section 12).

8) Email pixels, link tracking, and service messages

There is a tiny pixel in certain marketing emails that lets us know if the message was opened, and links sometimes have a token that lets us know which campaign was successful. You can choose to have graphics disabled by default in your email software or unsubscribe from the message using the link at the bottom if you prefer. Marketing pixels are not used in service emails (such as those that confirm payments, provide verification codes, or reset passwords).

9) Third‑party partners and data sharing

We work with reputable providers under contracts that include privacy and security commitments. Broad categories include:

Analytics & performance (load times, navigation, crash logs).
Security & anti‑fraud (device intelligence, bot detection, risk scoring, geolocation).
Payments (processing deposits/withdrawals, chargebacks).
Game studios & aggregators (to run games; typically pseudonymous session data).
Customer support (live chat, ticketing).
Marketing tools & CMP (consent storage, messaging).
CDNs (fast, secure content delivery).

Where a partner acts as our processor, it follows our written instructions. Where a partner decides its own purposes (e.g., independent analytics), it acts as an independent controller and provides its own notice.

10) International transfers

Data is processed by some parties outside of the EEA/UK. Standard Contractual Clauses (SCCs) or adequacy determinations are the foundation of our international transfer security, with the addition of encryption, access controls, and minimization if needed. Send a request to our DPO for a copy of the applicable safeguards; we will redact them for security and confidentiality reasons.

11) Managing cookies in popular browsers

(Interfaces change over time; check your browser’s help pages for the latest.)

Chrome: Settings → Privacy and security → Cookies and other site data.
Safari (macOS/iOS): Preferences/Settings → Privacy → Manage Website Data.
Firefox: Settings → Privacy & Security → Cookies and Site Data.
Edge: Settings → Cookies and site permissions.
Deleting cookies will sign you out and reset saved preferences. You can also use private/incognito windows to reduce persistence between sessions.

12) Managing identifiers on iOS and Android

iOS: Settings → Privacy & Security → Tracking (control app tracking prompts). Reset Advertising Identifier under Settings → Privacy & Security → Apple Advertising. Change app permissions (Location, Notifications) under Settings → [BinoBet].
Android: Settings → Privacy → Ads (reset Advertising ID, opt out of ads personalisation). Control app permissions (Location, Notifications) under Settings → Apps → BinoBet.

You can use the app without marketing identifiers. Location may be required for eligibility checks in certain features.

13) Security measures for cookies and SDK data

We apply appropriate technical and organisational measures, including:

TLS encryption in transit; encryption at rest for sensitive stores.
Avoiding storage of full card numbers or passwords in cookies or local storage.
Access controls and role‑based permissions for staff.
Logging and monitoring for unusual access patterns.
Vendor due diligence and contractual protections.
Penetration testing and secure development practices.
While no system is perfectly secure, we work hard to protect your data and review controls regularly.

14) Children and protected players

The Platform is for adults 18+. We do not knowingly set non‑essential cookies for minors. We suppress marketing/personalisation for players who are self‑excluded or listed in CRUKS and use security tools to prevent circumvention.

15) How analytics works here

Analytics help us improve: they show which pages are slow, which screens crash on some devices, and how features are used. We start from aggregates. When debugging individual events, we minimise scope and duration. IP addresses may be used to derive coarse location (country/city) and then truncated or removed per the vendor’s settings. You can turn analytics on or off at any time in the CMP.

16) Personalisation limits

Personalisation is about navigation and content layout—recent games, saved filters, featured categories. We do not change game probabilities, RTP, or odds based on your data. For RNG titles, outcomes remain random; for live games, outcomes come from physical equipment in secure studios.

17) Advertising and measurement

We primarily speak to players on our own channels (site, app, email). If we run broader campaigns, we aim for privacy‑preserving measurement. When marketing is disabled in the CMP, we do not load tags that require consent. You may still receive service messages essential to your account (e.g., payment confirmations).

18) Retention and consent logs

Session cookies end when you log out or close the browser.
Persistent cookies last from minutes to years depending on purpose.
We keep consent logs long enough to demonstrate compliance with ePrivacy/GDPR accountability rules and to act on your choices.
In the app, SDK identifiers are rotated periodically; push tokens are deleted when you disable notifications or uninstall the app.

19) Interplay with the Privacy Policy

This document focuses on technologies and choices. Our Privacy Policy explains the broader picture: what personal data we process, legal bases, who we share it with, international transfers, security, retention, and your rights. If there’s any tension between the two, the stricter consent rule applies.

20) Your GDPR rights

You may have rights to access, rectify, erase, restrict, object, and port certain data. For cookie/SDK choices, the fastest route is the CMP. For broader requests, contact our DPO at [[email protected]]. We respond without undue delay and within one month (extendable in complex cases). We may need to verify your identity.

21) Updates to this Policy

We may update this Policy due to legal changes (e.g., guidance from the Kansspelautoriteit or Autoriteit Persoonsgegevens), technology changes, or product updates. We publish the new version with an effective date and, where changes are material, we show an in‑product notice and may ask you to review choices again. Historic versions are available on request.